Severity scale  
  (64/100)

Sober.t. How to Remove? (Uninstall Guide)

removal by - -   | Type: Worms
12
Sober.t is a rapidly spreading Internet worm that propagates by e-mail through messages with attached Zip archives containing copies of the parasite.

Once the user unpacks such an archive and executes an infected file, the worm displays a fake error message ("Error in Excel key"), installs itself to the system and runs a spreading routine. Sober.t searches local files for e-mail addresses, collects them and sends a malicious message to each of them using own mail engine. Letters have the following subject:
"Your email" or "Ihre eMail!"
and the following body:
"Hello,
Sorry, sorry sorry, because,, my English is not the best!
ok, I've got an email with an Excel-Table. But I am not the recipient, the recipient are you! I think, it's an mail error! OK, here is your table back!
cya..."
or
"Guten Tag,
jemand schickte mir eine Mail mit einer Excel oder Access Tabelle (kenne mich da nicht so aus!). Jedenfalls ist diese Mail aber an ihre Mail Adresse adressiert, aber zu meiner gekommen??? Ist wohl irgendein Fehler.
Ok, hier haben Sie sie wieder zurueck!
gruss"

The worm's payload is comprised of several harmful functions. Sober.t deletes essential components of installed Norton AntiVirus and few other Symantec products, terminates running Microsoft Malicious Software Removal Tool and tries to modify Windows critical network driver. The latter action may cause serious network problems and may lead to Internet connection loss. Sober.t may also display a fake message related to Symantec LiveUpdate tool.

Sober.t automatically runs on every Windows startup.

Sober.t properties:
• Hides from the user
• Stays resident in background

It might be that we are affiliated with any of our recommended products. Full disclosure can be found in our Agreement of Use. By downloading any of provided Anti-spyware software you agree with our Privacy Policy and Agreement of Use.
Do it now!
Download
Reimage - remover Happiness
Guarantee
Compatible with Microsoft Windows
What to do if failed?
If you failed to remove infection using Reimage Reimage, submit a question to our support team and provide as much details as possible.
Reimage is recommended to uninstall Sober.t. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.

More information about this program can be found in Reimage review.
Reimage is recommended to uninstall Sober.t. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.

More information about this program can be found in Reimage review.
Not using OS X? Download a remover for Windows.
Press Mentions on Reimage
Alternate Software
Alternate Software
Plumbytes
We are testing Plumbytes's efficiency (2005-11-17 03:01)
Malwarebytes Anti Malware
We are testing Malwarebytes Anti Malware's efficiency (2005-11-17 03:01)
Hitman Pro
Webroot SecureAnywhere AntiVirus

Sober.t manual removal

Kill processes:
hjgerhds.exe, services.exe
Delete registry values:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\_wincheck
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wincheck
Delete files:
hjgerhds.exe, services.exe, excel_table.zip, tabelle.zip
Delete directories:
C:WindowsConnectionStatus
C:WinntConnectionStatus

Information updated:

Comments on Sober.t

Post a comment

Attention: Use this form only if you have additional information about a parasite, its removal instructions, additional resources or behavior. By clicking "post comment" button you agree not to post any copyrighted, unlawful, harmful, threatening, abusive, harassing, defamatory, vulgar, obscene, profane, hateful, racially, ethnically or otherwise objectionable material of any kind.

Home page Name



«

(All fields are required)